REST API Reference > Platform REST API version 3 resources > SCIM

SCIM

If your organization pushes user and group information to IDMC using SCIM 2.0, you can manage SCIM tokens and use a SCIM token to get SCIM-managed users and groups.

Before you can modify SCIM tokens, ensure that the Map SAML Groups and Roles and Enable IdP to push users/groups using SCIM 2.0 options are enabled in Administrator. Your user role must also have privileges to read and update organizations.

For more information about using SCIM 2.0 and about Administrator asset privileges, see User Administration in the Administrator help.

Managing SCIM tokens

List, create, and delete SCIM tokens.

Listing SCIM tokens

Use the scimTokens resource to request details about the SCIM tokens that you created.

GET request

To get a list of the SCIM tokens you created, use the following URI:

/public/core/v3/scimTokens

GET response

If successful, returns each SCIM token that you created and its expiration date.

Returns the error object if errors occur.

GET example

To list the SCIM tokens you created, you might use the following request:

GET <baseApiUrl>/public/core/v3/scimTokens
Content-type: application/json
Accept: application/json
INFA-SESSION-ID: <SessionId>

A successful response might look like the following example:

[
{
"id": "im2hLfwsRCvl6WG64Geqi0",
"value": "8fiXOaFR**************",
"expiry": "2025-04-28T21:05:31.000Z",
"status": "active"
}
]

Creating a SCIM token

Use the scimTokens resource to create a SCIM token. If you already have two tokens, you'll need to delete one before you can create a new token, even if one or both tokens are expired.

POST request

To create a SCIM token, use the following URI:

/public/core/v3/scimTokens

POST request example

To create a token, your request might look something like the following example:

POST <baseApiUrl>/public/core/v3/scimTokens
Content-type: application/json
Accept: application/json
INFA-SESSION-ID: <SessionId>

POST response

Returns the token response object for the token that you created.

Returns an error object if errors occur.

A successful response might look like the following example:

{
"id": "hTc5rzwEFKMh761VofJoG1",
"value": "k7UxoAAAACMAAAACAQAAAAEBAgAAAAyufel1d7nvOzJh5khiVmxxXrnYJl1iR23aBQtVPKPLTiB0qqLCp-davEg50diXElP4-Q==0s3URI0up6Ebu4sLzgtSGC",
"expiry": "2025-05-06T04:54:53.594Z",
"status": "active"
}

Deleting a SCIM token

Use the scimTokens resource to delete a SCIM token.

To delete a SCIM token, send a DELETE request using the following URI:

/public/core/v3/scimTokens/<token_id>

A successful response returns the 204 response code. If errors occur, an error object is returned.

Getting SCIM-managed user details

Get details for a SCIM-managed user based on their user name.

GET request

To get details for a SCIM-managed user, use the following URI:

/scim-service/Users?filter=userName eq \"<user name>\"

The following table describes the request headers:

Request header	Description
Content-Type	Media type of the request body. Use application/scim+json.
Authorization	SCIM token to authenticate to the request.

The following table describes optional fields in the request body:

Field	Type	Description
startIndex	Integer	Index of the first result to return using 1-based indexing.
count	Integer	Number of users to return.
sortOrder	String	Order to sort results. Use "asc" for ascending and "desc" for descending.
schemas	Array of Strings	List of schema URIs for user types.

GET response

If successful, returns details for the SCIM-managed user.

GET example

The following sample request gets details for a SCIM-managed user:

GET <serverUrl>/scim-service/Users?filter=userName eq \"scim_user\"
Content-Type: application/scim+json
Authorization: <SCIM token>

{
"startIndex": 1,
"count": 1000,
"sortOrder": "asc",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
]
}

A successful response might look like the following example:

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"itemsPerPage": 1,
"startIndex": 1,
"Resources": [
{
"id": "0123abcd4567efgh8901ij",
"externalId": "scim_user",
"userName": "scim_user@informatica.onmicrosoft.com",
"displayName": "scim_user",
"title": "Software Engineer",
"active": true,
"emails": [
{
"value": "scim_user@informatica.onmicrosoft.com",
"type": "work",
"primary": true
}
],
"phoneNumbers": [
{
"value": "123456789",
"type": "work",
"primary": true
}
],
"addresses": [
{
"locality": "Austin",
"country": "US",
"type": "work",
"primary": true
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"department": "Software Development"
},
"meta": {
"resourceType": "User",
"created": "2025-01-15T13:22:56.000Z",
"lastModified": "2025-01-25T22:06:24.000Z",
"location": "http://dm-em.informaticacloud.com:443/scim-service/Users/0123abcd4567efgh8901ij"
}
}
]
}

Getting SCIM-managed groups

Get details for SCIM-managed groups.

GET request

To get details for SCIM-managed groups, use the following URI:

/scim-service/Groups

The following table describes the request headers:

Header	Description
Content-Type	Media type of the request body. Use application/scim+json.
Authorization	SCIM token to authenticate to the request.

The following table describes optional fields in the request body:

Field	Type	Description
startIndex	Integer	Index of the first result to return using 1-based indexing.
count	Integer	Number of groups to return.
sortOrder	String	Order to sort results. Use "asc" for ascending and "desc" for descending.
schemas	Array of Strings	List of schema URIs for user types.

GET response

If successful, returns the SCIM-managed groups.

GET example

The following sample request gets details for SCIM-managed groups:

GET <serverUrl>/scim-service/Groups
Content-Type: application/scim+json
Authorization: <SCIM token>

{
"startIndex": 1,
"count": 1000,
"sortOrder": "asc",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
]
}

A successful response might look like the following example:

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"itemsPerPage": 2,
"startIndex": 1,
"Resources": [
{
"id": "1234efgh5678ijkl9012mn",
"externalId": "ee622900-a8cb-48e3-894a-81009876b9b7",
"displayName": "IDMC Users",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"meta": {
"resourceType": "Group",
"created": "2024-03-15T15:51:13.000Z",
"lastModified": "2024-09-09T15:55:37.000Z",
"location": "http://dm-em.informaticacloud.com:443/scim-service/Groups/1234efgh5678ijkl9012mn"
}
},
{
"id": "4567mnop7890qrst2345uv",
"externalId": "1eb94628-9e9c-4b4d-ad3f-a36d8586ab87",
"displayName": "GroupTwo",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"meta": {
"resourceType": "Group",
"created": "2024-11-29T09:56:11.000Z",
"lastModified": "2025-01-25T18:36:57.000Z",
"location": "http://dm-em.informaticacloud.com:443/scim-service/Groups/4567mnop7890qrst2345uv"
}
}
]
}